1. Field
Embodiments of the invention relate to the field of processing network traffic; and more specifically, to brokering a transmission control protocol (TCP) session between two clients.
2. Background
Clients, such as computers, laptops, etc., can transmit and/or receive data using the transmission control protocol (TCP), which provides reliable, ordered delivery of that data. For example, a client uses TCP to transport Web, e-mail, file transfer, voice over internet protocol (VOIP) data, or other types of data. To transport data to another client using TCP, a client first needs to establish a TCP session with that other client. A pair of clients establishes a TCP session using a 3-way handshake. In this handshake, one client initiates the TCP session by transmitting a TCP session request (e.g., a TCP SYN packet). The other client receives the TCP session request and acknowledges it by transmitting a response to the TCP session request back to the initiating client (e.g., a TCP SYN ACK packet). Upon receiving the response, the initiating client transmits an acknowledgement to the other client (e.g., a TCP ACK packet), and the session is established.
Modern firewalls, however, typically drop a TCP session request that is incoming to a client, and thus prevent the establishment of a TCP session with a client that is behind a firewall. For example, this can prevent the establishment of a TCP session between two clients that are each behind a firewall for a voice over internet protocol (VOIP) call or other multimedia communication (e.g., chat, file sharing, etc.). In addition, a firewall may perform network address translation as known in the art. Currently, there are two known ways to overcome this problem: (i) create a permanent hole in the firewall so that incoming TCP session requests can reach a client behind that firewall, or disable TCP state checking in the firewall; and (ii) have a network element terminate a separate TCP session with each client and forward TCP traffic between the two sessions. Each of these ways has drawbacks. For example, creating a hole in a firewall is a security risk to the client protected by that firewall. As another example, requiring the network element to forward traffic between the TCP sessions does not scale well, because the network element would need to maintain a full TCP stack for each terminated TCP session.
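The following simulation, added here as an illustration and not taken from the application or any implementation it describes, models the 3-way handshake of the preceding paragraphs together with a stateful firewall that drops unsolicited incoming TCP session requests. Host names "A" and "B", the initial sequence numbers, and the Host, StatefulFirewall and scenario names are constructed for the example; network address translation, retransmission and data transfer are deliberately left out so that only the session-establishment problem is visible.

```python
"""Toy model of the TCP 3-way handshake and of a stateful firewall.
All hosts, addresses and sequence numbers below are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Segment:
    """Only the fields of a TCP segment that matter for the handshake."""
    src: str
    dst: str
    seq: int = 0
    ack_num: int = 0
    syn: bool = False
    ack: bool = False


class Host:
    """A TCP endpoint that models only the connection-setup states."""

    def __init__(self, addr: str, isn: int) -> None:
        self.addr = addr
        self.isn = isn            # initial sequence number (constructed)
        self.state = "CLOSED"

    def connect(self, peer: str) -> Segment:
        """Step 1: the initiator sends SYN and enters SYN_SENT."""
        self.state = "SYN_SENT"
        return Segment(self.addr, peer, seq=self.isn, syn=True)

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Advance the state machine; return the reply segment, if any."""
        if self.state == "CLOSED" and seg.syn and not seg.ack:
            # Step 2: the other client answers the SYN with SYN-ACK.
            self.state = "SYN_RECEIVED"
            return Segment(self.addr, seg.src, seq=self.isn,
                           ack_num=seg.seq + 1, syn=True, ack=True)
        if (self.state == "SYN_SENT" and seg.syn and seg.ack
                and seg.ack_num == self.isn + 1):
            # Step 3: the initiator confirms with ACK and is established.
            self.state = "ESTABLISHED"
            return Segment(self.addr, seg.src, seq=self.isn + 1,
                           ack_num=seg.seq + 1, ack=True)
        if (self.state == "SYN_RECEIVED" and seg.ack and not seg.syn
                and seg.ack_num == self.isn + 1):
            self.state = "ESTABLISHED"
            return None
        return None  # anything unexpected is silently dropped


class StatefulFirewall:
    """Guards one inside host. An outbound segment creates a flow entry;
    an inbound segment passes only if it matches a known flow, so an
    unsolicited inbound SYN (a new session request) is dropped."""

    def __init__(self, inside: str) -> None:
        self.inside = inside
        self.flows: Set[Tuple[str, str]] = set()
        self.dropped: List[Segment] = []

    def permits(self, seg: Segment) -> bool:
        if seg.src == self.inside:
            self.flows.add((seg.src, seg.dst))   # remember outbound flow
            return True
        if seg.dst != self.inside:
            return True                          # not our traffic
        if (seg.dst, seg.src) in self.flows:
            return True                          # reply to an inside-opened flow
        self.dropped.append(seg)
        return False


def run_handshake(hosts: Dict[str, Host], initiator: str, responder: str,
                  firewalls: List[StatefulFirewall]) -> Tuple[str, str]:
    """Relay segments until a side has nothing to send or a firewall drops
    one; return the final states of initiator and responder."""
    seg: Optional[Segment] = hosts[initiator].connect(responder)
    while seg is not None:
        if not all(fw.permits(seg) for fw in firewalls):
            break                                # dropped in transit
        seg = hosts[seg.dst].receive(seg)
    return hosts[initiator].state, hosts[responder].state


def scenario(protect_a: bool, protect_b: bool,
             initiator: str = "A") -> Tuple[str, str, int]:
    """Run one handshake; return (initiator state, responder state, drops)."""
    hosts = {"A": Host("A", isn=1000), "B": Host("B", isn=5000)}
    firewalls: List[StatefulFirewall] = []
    if protect_a:
        firewalls.append(StatefulFirewall("A"))
    if protect_b:
        firewalls.append(StatefulFirewall("B"))
    responder = "B" if initiator == "A" else "A"
    init_state, resp_state = run_handshake(hosts, initiator, responder, firewalls)
    return init_state, resp_state, sum(len(fw.dropped) for fw in firewalls)


if __name__ == "__main__":
    for pa, pb in [(False, False), (True, False), (False, True), (True, True)]:
        print(f"A firewalled={pa!s:5} B firewalled={pb!s:5} ->", scenario(pa, pb))
    print("B (firewalled) calls A ->", scenario(False, True, initiator="B"))
```

Running the block shows the asymmetry the background describes: a firewalled client can open a session outward, because its own SYN creates the flow entry that lets the SYN ACK back in, but the same firewall drops a SYN arriving from outside, so when both clients are firewalled neither can initiate and the handshake never completes.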